topic Re: https inbound inspection on port 8443 in Firewall and Security Management

https inbound inspection on port 8443

emiliano_mastro — Sun, 26 Sep 2021 09:09:59 GMT

Hi everyone, on my R80.40, for a web site, I have enabled https inbound inspection on port 8443 which I have defined as https protocol.
The setting works because the client sees the certificate which I have put into the firewall for the inspection, but why is there no logs of "https inspect" ?

There is only firewall blade's log

Please take a look to images

thanks
Emiliano

Re: https inbound inspection on port 8443

the_rock — Sun, 26 Sep 2021 11:49:35 GMT

I cant remember now, but I think it has to do with legacy https inspection dashboard setting(s). I will check it later in my lab to see if I can find it.

Re: https inbound inspection on port 8443

emiliano_mastro — Sun, 26 Sep 2021 12:06:38 GMT

ok, please let me know

thanks

Emiliano

Re: https inbound inspection on port 8443

the_rock — Sun, 26 Sep 2021 13:43:29 GMT

Sorry, I think I may have confused 2 different things, my apologies. But, just to be sure, can you send a screenshot of below? Go to dashboard, then manage and settings on lefr, then click on blades and all the way down open dashboard for https inspection. Once new window pops up, click on server certificates on the lft and if you could send whats there, would be great.

Re: https inbound inspection on port 8443

emiliano_mastro — Sun, 26 Sep 2021 14:09:14 GMT

I've uploaded the image, but I can't understand how it can help

Emiliano

Re: https inbound inspection on port 8443

the_rock — Sun, 26 Sep 2021 14:11:09 GMT

You are right, sorry, I thought there were some settings there for logs, but I was wrong, apologies. Lets see if anyone else may have an idea.

Re: https inbound inspection on port 8443

the_rock — Sun, 26 Sep 2021 14:13:39 GMT

One thing I thought of is if you go to logs and monitor and enter this search -> blade:"HTTPS Inspection", do you see anything at all for what you are looking for or no?

Re: https inbound inspection on port 8443

emiliano_mastro — Sun, 26 Sep 2021 14:55:00 GMT

my apologies, I went wrong because, for the inbound inspection, I set up an https rule with server's private ip and not with ip public of nat. Now I changed so now there are "https inspection" events.

Unfortunately there is somenthing that doesn't work well because the event says :"Internal system error in HTTPS Inspection (Error Code: 2)"

Re: https inbound inspection on port 8443

the_rock — Sun, 26 Sep 2021 15:05:12 GMT

For that, you may need to involve TAC. I noticed that a lot too with one customer that uses https inspection, but even though we did raise case with TAC about it, we had not gotten an official reason yet. Personally, I believe it has to do with engine settings from legacy https dashboard, but though we tried changing those as well, did not do anything.

Re: https inbound inspection on port 8443

emiliano_mastro — Sun, 26 Sep 2021 15:47:16 GMT

tomorrow I'll open a ticket.

thanks a lot for your support

Re: https inbound inspection on port 8443

the_rock — Sun, 26 Sep 2021 19:41:53 GMT

For sure, any time. Please update us how it goes, because Im also curious to see what can be causing that warning/error.

Andy

Re: https inbound inspection on port 8443

emiliano_mastro — Sun, 26 Sep 2021 20:09:44 GMT

I just figured it out.

I allowed the traffic only from some public ips to the nat IP of that server, but to work I also had to open traffic from my firewall to private ip of that server. that's all. Now there are "https inspection logs"

I really apologize for wasting your time. I hope my errors can be useful for someone

thanks

Emiliano

Re: https inbound inspection on port 8443

the_rock — Sun, 26 Sep 2021 20:12:12 GMT

Im glad it worked and please, never apologize for something like this, because its a community where people want to help others, so to me at least, its never a waste of time. More people share ideas and find solutions, its better for EVERYONE!

Have a great night!

Ciao 🙂

Andy